| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050420212323.GT58835@decibel.org> Date: Wed, 20 Apr 2005 16:23:23 -0500 From: "Jim C. Nasby" <decibel@...ibel.org> To: Tom Lane <tgl@....pgh.pa.us> Cc: Stephen Frost <sfrost@...wman.net>, pgsql-hackers@...tgresql.org, bugtraq@...urityfocus.com Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords On Wed, Apr 20, 2005 at 05:03:18PM -0400, Tom Lane wrote: > > This would allow for the pregeneration of the entire md5 > > keyspace using that 'salt' and then quick breakage of the hash once > > it's retrieved by the attacker. > > Considering the size of the possible keyspace, this is pretty silly. Actually, it's not as silly as you think. You can download rainbow tables for Windows/LanMan passwords up to 14 or 15 characters in length. Given the password hash and some code, you can determine the user's password in a matter of minutes. Simply put, MD5 is no longer strong enough for protecting secrets. It's just too easy to brute-force. SHA1 is ok for now, but it's days are numbered as well. I think it would be good to alter SHA1 (or something stronger) as an alternative to MD5, and I see no reason not to use a random salt instead of username. -- Jim C. Nasby, Database Consultant decibel@...ibel.org Give your computer some brain candy! www.distributed.net Team #1828 Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
Powered by blists - more mailing lists